Atlassian Confluence < 5.8.6 Server-Side Request Forgery

By kannthu

Medium
Vidoc Module
#confluence #atlassian #ssrf #oast
Description

What is "Atlassian Confluence < 5.8.6 Server-Side Request Forgery"?

The "Atlassian Confluence < 5.8.6 Server-Side Request Forgery" module is designed to detect a blind server-side request forgery vulnerability in the widgetconnector plugin of Atlassian Confluence versions prior to 5.8.6. This vulnerability can allow an attacker to manipulate server-side requests and potentially access sensitive information or perform unauthorized actions.

Atlassian Confluence is a collaboration software that allows teams to create, organize, and discuss work in one place. This module specifically targets versions of Confluence that are vulnerable to server-side request forgery.

The severity of this vulnerability is classified as medium.

Impact

If successfully exploited, the server-side request forgery vulnerability in Atlassian Confluence can lead to unauthorized access to sensitive information or the execution of unauthorized actions. This can potentially result in data breaches, unauthorized modifications, or other security incidents.

How does the module work?

The module works by sending a specific HTTP request to the target Confluence instance. The request is designed to trigger the server-side request forgery vulnerability in the widgetconnector plugin. The module then analyzes the response to determine if the vulnerability is present.

One example of an HTTP request sent by the module is:

GET /rest/sharelinks/1.0/link?url=https://{%InteractionURL%}/

The module uses several matching conditions to identify the presence of the vulnerability. These conditions include checking for specific words in the response body, such as "faviconURL" and "domain," as well as verifying that the response status is 200.

If all the matching conditions are met, the module reports the vulnerability as detected.
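
A defender-side check for the request shape shown above, as an added example that is not part of the Vidoc module: it scans web access logs for calls to the sharelinks endpoint and reports the destination host passed in the url parameter. The Combined Log Format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint from the module's request template.
SHARELINKS_PATH = "/rest/sharelinks/1.0/link"

# Assumed log layout: Combined Log Format (client, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation address ranges, placeholder hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /rest/sharelinks/1.0/link?url=https://oast.example.test/ HTTP/1.1" 200 312',
    '203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /confluence/rest/sharelinks/1.0/link?url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 298',
    '198.51.100.4 - - [12/Mar/2024:10:02:00 +0000] "GET /dashboard.action HTTP/1.1" 200 10432',
]

def classify_host(host):
    """Label the destination the server was asked to fetch."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # not an IP literal; resolve separately if needed
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal-ip"
    return "public-ip"

def find_sharelinks_fetches(lines):
    """Return one finding per logged sharelinks request that carries a url= value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        # endswith() also covers deployments under a context path such as /confluence.
        if not target.path.rstrip("/").endswith(SHARELINKS_PATH):
            continue
        for dest in parse_qs(target.query).get("url", []):
            host = urlsplit(dest).hostname or ""
            findings.append({"client": m["client"], "time": m["ts"],
                             "status": int(m["status"]), "dest_host": host,
                             "dest_kind": classify_host(host)})
    return findings

if __name__ == "__main__":
    for finding in find_sharelinks_fetches(SAMPLE_LOG):
        print(finding)
```
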

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /rest/sharelinks/1.0...
Matching conditions
word: http
and
word: faviconURL, domain
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability